Posted by timothy on Wednesday July 16, 2003 @12:29PM
from the blow-me-over-with-a-feather dept.

syzme writes "According to The Register (as well as Reuters and News.com), 'The U.S. Department of Homeland Security has signed a deal for Microsoft software worth something in the region of $100 million, covering servers and over 140,000 desktops. This does not however mean that Microsoft and its hench-OEM Dell are poised to hoover up all of the Department's lovely IT budget, nor indeed that this is all new money for them; largely, it seems to be more a case of Microsoft holding onto business it's already got.'" This shouldn't be much of a surprise -- remember the Federal government is already Microsoft's biggest customer.

It means "guarded condition", immediately above green ("low threat level") and below yellow ("elevated risk of terror attack"). Personally I find it redundant to have this department since the CIA, FBI, NSA, and DIA should have caught the 09/11 attacks before they happened in the first place. But nevertheless the "blue" level does exist.

Sounds spooky, would the patch forward data secretly to the DoHS and update the computer so the user can't encrypt data or empty the Recycle Bin? Because allowing citizens to protect their data from prying eyes is a (homeland) security vulnerability!

One night, I was like, writing a report on how Iraq was trying to buy yellowcake from Nigeria, when all of a sudden it went berserk, the screen started flashing, it was like BEEP BEEP BEEP and the whole paper just disappeared. All of it. And it was a good report! I had to cram and rewrite it really quickly. Needless to say, my rushed report wasn't nearly as good, and now Tony Blair is like, in danger of losing his job!

Terrorists applaud selection of Microsoft for Department of Homeland Security.

Information Technology consultants for Al Qaeda were pleased with the US government selection of Microsoft to supply the Dept. of Homeland Security with servers and over 140,000 desktops. Mohammed Al'Hacker beamed, "Microsoft systems allow for unmatched file sharing and remote access. We will save millions of dollars by simply being able to access Homeland Security databases over the internet, rather than having to pay for bribes and expensive operatives. We are so pleased that the infidels chose 'open data' over 'open source.'"....

> No wonder Windows cost so much. That's $43 per work hour!
> And that would be 121 people working for 4 years!

And remember! If you work for MSFT, now you get paid in restricted stock, not stock options!

That's right! You pay all the income *tax* as if you'd cashed in stock options up front, and you get all the *risk* of owning stock! Don't you feel more motivated already? 80-hour work weeks for everyone! Woohoo!

(Sorry, son, too many of you became millionaires in the last boom. Can't have t

Was it the sheep climbing onto the altar, or the cattle lowing to be slain, or the Son of God hanging dead and bloodied on a cross that told me this was a world condemned, but loved and bought with blood.

I don't know man, you're linking uneducated anti-Linux FUD. It's not a matter of opinion, but lack of information.

I would be curious to know if you've actually looked at data, and come to the conclusion that Linux is less secure than Windows stuff. If that's the case, I might suggest that you keep on reading and get the whole picture!

Cuz security really couldn't get much worse than MS offerings.

What I'm saying is, whether or not you mean to troll, that's the net effect. If you do have a compelling rea

Given Microsoft's record of continual failure with regards to security, I've always thought putting MS in charge of security (as with Palladium) was like asking the wolf to guard the sheep.

Given that 'homeland security' is really a euphemism for something between 'Big Brother' ("total informational awareness" etc.) and 'Political Police', I for one am relieved they are sufficiently incompetent to select Microsoft as their platform. This may, and I stress may, slow down our slide into a complete surveillance society submerged beneath ubiquitous governance.

Or not, as it may be just the prelude needed for even more draconian legislation and public hysteria when Microsoft's chronic security issues begin to affect our perceived safety, leading to the unpleasant irony of having the technical ability to monitor and ubiquitously govern every man, woman, child, dog, cat, and garden slug in the country diminished while providing the political excuse for accelerating legislation through congress that makes the former pre-Gorbachev Soviet parliament look positively liberal by comparison.

What we do know for certain is that it puts a lot of money in the pockets of a convicted monopolist, which isn't helpful to anyone (other than said monopolist).

As a die hard OpenStep X user, I have to take issue with the idea that it runs hardly any software. I suppose that your comment is born of jealousy that OS X can run pretty much all of the software that Linux can as well as a fair proportion of commercial software that will remain beyond the reach of Linux users until someone gets enough mindshare to stabilize the libraries.

FUD aside, I do agree that governments should stay the hell away from any single source supplier like MS or Apple, no matter how good

...I've always thought putting MS in charge of security (as with Palladium) was like asking the wolf to guard the sheep.

Perhaps one of these analogies would work, too:

It's like putting a steel door on a cardboard box.
It's walking into a battlefield backwards.
It's like carrying a tiger-repellent rock.
It's like driving eyes-closed because "God is my pilot (or whatever)"

Basically, Microsoft + Homeland Security = a smoking hole that will become the ocean separating Mexico and Canada.

Good news: Orwellian homeland security is now going to lose all your data as fast as it collects it.
Bad News: "In other news, After extensive background checks by homeland security, Mr. Nedal Nib Amaso is now head of NTSB....."

'There are three stages in your reintegration,' said O'Brien. 'There is learning, there is understanding, and there is acceptance. It is time for you to enter upon the second stage.'...

Do you remember writing in your diary, "I understand how: I do not understand why"? It was when you thought about "why" that you doubted your own sanity....

'You are ruling over us for our own good,' he said feebly. 'You believe that human beings are not fit to govern themselves, and therefore --'

He started and almost cried out. A pang of pain had shot through his body. O'Brien had pushed the lever of the dial up to thirty-five.

'That was stupid, Winston, stupid!' he said. 'You should know better than to say a thing like that.'

'Now I will tell you the answer to my question. It is this. The Party seeks power entirely for its own sake. We are not interested in the good of others; we are interested solely in power. Not wealth or luxury or long life or happiness: only power, pure power. What pure power means you will understand presently. We are different from all the oligarchies of the past, in that we know what we are doing. All the others, even those who resembled ourselves, were cowards and hypocrites. The German Nazis and the Russian Communists came very close to us in their methods, but they never had the courage to recognize their own motives. They pretended, perhaps they even believed, that they had seized power unwillingly and for a limited time, and that just round the corner there lay a paradise where human beings would be free and equal. We are not like that. We know that no one ever seizes power with the intention of relinquishing it. Power is not a means, it is an end. One does not establish a dictatorship in order to safeguard a revolution; one makes the revolution in order to establish the dictatorship. The object of persecution is persecution. The object of torture is torture. The object of power is power. Now do you begin to understand me?'

> Good news: Orwellian homeland security is now going to lose all your data as fast as it collects it.
> Bad News: "In other news, After extensive background checks by homeland security, Mr. Nedal Nib Amaso is now head of NTSB....."

Surveying the smoldering crater, President Ballmer was heard to remark "Y'know, they should have known that
J0N45H-C40FT15-054M4-B1NL4-D3NIN-4-P16-5U1T wasn't a valid activation key."

Wasn't most of the DHS already around, and thus, already had desktops and software and all that garbage? Did they throw it all out instead of just installing a comparatively small set of computers and buying licenses for those?

Security can only be as good as the most insecure point, which doesn't make me feel too good about Microsoft winning this contract.

Imagine this scenario: DoHS employee writes up a memo about who they are currently profiling and what information they have on file and saves it to his hard drive. Some terrorist writes an e-mail virus designed to send a Word file back to an account he can access. He then sends this virus to a department account where it spreads and sensitive information is transmitted back to the terrorist.

Viruses like these have already been proven viable in MS Outlook. One can only hope that they are taking the appropriate measures to ensure that all employees have their computers locked down tight.

Except that, specifically in the CIA, outside internet connections are handled on separate PCs [yahoo.com] that the agent has to switch over to using a KVM, making it all but impossible to send a virus to their network. I'd have to imagine that the DHS would be set up similarly.

Among other problems, Berkowitz found that CIA analysts must bounce between multiple, isolated systems to gather information, including separate systems on each desk for accessing the CIA's classified network and using the public Internet.

It only takes a small human error to save a document on an Internet-connected computer. I'm sure this has happened before, or, if not, it should be expected to. In any case, as far as a terrorist is concerned, any information gleaned from computers wi

They shouldn't even have a KVM. If you work on a government site, you get more slack than a contractor, but you still usually have to have an air-barrier between machines of different classifications. Same thing applies for projects of different classifications, usually.

Contractors negotiate the level of separation, but it's not uncommon that machines of different classification aren't allowed in the same room as each other.

Your scenario assumes information that sensitive is just freely available on a computer open to the internet. But classified information isn't transmitted lightly. Classified hard drives aren't on open networks and classified documents don't get emailed.

You're ignoring the story [cnn.com] of ex-CIO director John Deutch who used a computer containing classified information to surf the web from his home. All the security procedures in the world will not protect you from the person who feels that the rules just don't apply to him.

One of the reasons the Feds are MS's biggest customer is because almost every computer has two, even three licences. Most organizations buy a site licence and then get one with the Dell PC. If only Dell sold PCs without licences...

Dell does sell computers without an OS if you are a business or government. They will even subtract the OS cost from the price of the machine. They cannot do the same for home computers because of a contract they had with MS that basically stated since Dell was getting such a good deal on Windows licenses, they could not sell computers that didn't come with an OS.

Since businesses usually purchase a volume license, businesses needed an option not to buy Windows again. To get around this, Dell will ship computers with a lite version of DOS. You can't really do much with this version of DOS, but if your company is installing your volume license anyways, you don't need it.

The RFP (Request for Proposal) should be public information. They're not always easy to find, but they're out there.

Bids, on the other hand, are usually confidential. Pricing models, extra services offered, exact numbers of everything is not available to make sure that bidders don't game (i.e., low-ball) their bid to kill the other guy.

If you file a FOIA (Freedom Of Information Act) request you can get the winning bid (even if you can't find it on a website). Just call the DHS Contracting office and ask them for it. If they refuse ask them to give you the number of the person who handles FOIA requests in their department. I looked at the DHS website [dhs.gov] and there are several contact #'s so I don't know which one should be contacted...

also anyone see this?

Redmond, Wash.-based Microsoft has landed a $470-plus million contract to issue soft

that DHS already has many Open Source (and non-MS) apps widely deployed... They are extensively using Apache, Squid, Open Office (in some places) and things like Java for other day to day operations...

It shall be very funny/ironic when "Homeland Security" gets hacked due to some newfound MS flaw. Actually, I'm frightened, as they will probably have every detail they can glean from every person they can, opened up to some arsehole

Using a variety of operating systems does not lend greater security. You're suggesting a sort of bastardized security through obscurity, wherein an attacker is not sure which OS is on Machine X even though he's already compromised Machine Y and knows everything about it - not a good method. Furthermore, even if this did help security and having multiple operating systems running would introduce complexity in that patches would have to be monitored for multiple systems. All operating systems are going to nee

Clippy: I see you are trying to run your police state. Would you like help:

- collecting data on pirates from WMP?
- sending 'public service' announcements via Hotmail?
- lock down computers of P2P users, who are probably terrorists?
- forcing users to upgrade their computers to Windows 84?

All software running on trust(ed,worthy) systems must be verified and signed by DHS-approved auditing body.

Due to the enormous expense of this undertaking, a surcharge will be applied to every CPU, HDD, and piece of software used on trusted machines. DHS-approved auditing bodies will use the proceeds to monitor and manage all computer systems within the US.

Does anyone realize how often foreign governments and entities are spying on US corporations? There's a lot of industrial espionage out there.

Of course, the government is not only collecting information on individuals, they collect it on anything we're involved in, including our jobs and businesses.

It's pretty well-documented that Microsoft's software is full of holes and that they're not particularly good at fixing them. Witness Microsoft's own computers being taken down by a worm. My concern is that we've just given not-so-well-intentioned foreign parties a free pass to take a look at everything that's going on in the United States. Holes and hacks will be found. If they really cared about "security," they'd use a blend of different programs and software. Sure, a little more work, but a lot more work to penetrate.

I always thought that the Department of Home Security was a temporary thing. I guess this is a wake up call for me. I always thought that Department of Home Security would just go away.
Something you invest $100,000,000 in is designed to stay.

Is there any other real option for the government? I'm assuming everyone here wants a distro of Linux to be the government's OS of choice. Which one? Red Hat? Are they a large enough company to ensure 24/7 tech support on the governments' 140,000 computers? I don't know, and I don't think the government does either. I think Microsoft was the safe choice. Granted it's not the more secure operating system, but their needs go beyond that.

Alright, so they have some small security holes. The fact remains, however, that if you keep your security patches up to date, you'll be about as secure as one can be on the internet.

The reason that everyone (including the federal guvnment) still uses Microsoft is because, It Just Works(TM). I can pull windows out of its box, put it in my computer, and have it running in about 30 minutes. I don't have to manually pick out kernel drivers like with debian, I don't have to worry about RedHat not recognizing half my hardware (like my ATI or my AC97 sound chip). I can take any lance corporal off the field, and with windows, he's most likely to know how to at least do basic stuff like surf the web, read e-mail, etc. If the guvment were to use Linux, they would have to spend additional manpower on installation, more man power keeping those boxes up to date (or pay money for RedHats up2date service), not to mention retraining a lot of staff on how to use these computers.

Another reason for the Government choosing Windows is that they probably already have a majority of their services on windows, and to ask a Four Star General to approve a massive budget to switch away from what works to what might not work will take quite a bit of effort.

The reason that everyone (including the federal guvnment) still uses Microsoft is because, It Just Works(TM).

The Windows "just works" thing is a myth. I would say that 2/3rds of the time, an HW installation in Windows works OK. But the remaining 1/3rd is practically impossible to solve for an end-user.

Let me tell you the wonderful story of the Microsoft Bluetooth Mouse. I got hold of one of these right after Christmas and went home to try it out. As I was putting the CD in the computer, I noticed that

If you think about the reliability, uptime, and random reboot problems with many MS products then this could be great for us citizens.

We know all of the attempts to restrict our personal freedoms with wire taps, internet/email monitoring, and the ideology to put all of the collected info into a massive database for those who have the clearance to peruse. The best thing is, although, they might have your most personal info it will probably be collected and stored by a MS product.

What does that mean? It means it will either disappear or just spontaneously fragment and corrupt itself! Why our government chooses bloatware over dependability and functionality is beyond me but they were never known for being frugal or making the best decisions in terms of bang for the buck. I'm sure MS is practically giving it away just to keep the business anyway.

It makes you wonder how many fuckups happen just out of using MS software. I'm not saying it's the worst or best because it does have its use but since this story is about our government using it I'd prefer a more stable and dependable os/desktop. When I think of mixing MS software with our government all I see is the movie "Wargames" and that's not a nice thought.

...will we be handing out EULAs to anyone that wants to have diplomatic ties with us?

"...By installing this embassy, you absolve the United States Government of any responsibility for lost revenue, citizens, or infrastructure. Furthermore, you agree that you will not attempt to negatively influence the revenue, citizens, or infrastructure of the United States..."

- I feel safer already.
- What's that, an oxymoron?
- We would have caught Osama but the server was down.
- We could have caught Saddam but the server had a virus.
- We could have stopped xyz but they were using unix and we couldn't read the file format.
- In the interests of national security all computers must now run Windows.
- Please change all NSC keys in the hive to DHS.
- All you base are belong to us.

As others have observed, Microsoft is not the big winner here, although it is a winner. It gets to consolidate and aggregate its existing business, and sure it's probably squeezing Apple, IBM, etc some more here and there with this contract. And sure, it has locked down this portion of market share for FIVE MORE YEARS, which is bad. But...

The big winner is Dell. It's administering all this software business. It skims whatever it can before passing the lion's share on to Microsoft. It acquires a huge list of potential "customers" and tries to sell them Dell hardware. And it squeezes out a bunch of small fry who were ensconced in cozy government contracts. Excerpted from Government Computer News: http://www.gcn.com/vol1_no1/daily-updates/22743-1.html:

The department reached the agreement earlier this month, after inviting nine bidders, including GTSI Corp. of Chantilly, Va., and MarkSoft Management Resources Inc. of Canterbury, N.H., to present proposals.

Seriously, who are those two companies that got mentioned? Either wannabes, or has-beens. Dell ate their lunch, and Dell has some other merchandise it would enjoy selling to the 280,000 eyeballs it just acquired for the next five years.

The single largest company ever to warn people not to use their software for life-and-death situations, is now going to have an exclusive with the government to help prevent the next 9/11 attack.

Considering that the only (repeat: only) effective Microsoft security measures to date are the ones that prevent people who've already stolen Windows-XP from upgrading it, it's pretty safe to say that we can all prepare to live with having any enemy who wants to know something knowing it while substantial numbers of us sit around glowing in the dark.

Today's bonus question: 'will the government's relationship with Microsoft include a EULA that precludes the government's suing them when they screw up?'

I did some short term consulting work with a company recently to help them prepare some bids on the last BAA (Broad Agency Announcement) sent out by the DHS. The scope and scale of the projects that were in the request were quite interesting, with some that were tailor made for linux (wearable computing initiatives, anyone?).

We haven't heard any updates on the bid selection, but after looking at a good portion of those potential projects I can truthfully say that Microsoft is going to have a really tough time filling the required roles for many of them, let alone doing it securely.

Given that there is practically no defense being offered for Microsoft nor the Dept. of Homeland Security in the above discussion, one has to wonder why these large contracts keep occurring and occurring and occurring. If they aren't based on merit, then what? What hard arguments do companies provide to keep going along with Microsoft's products? It isn't as if there were no alternatives, historically, and TCO arguments are fallacious at best.

The state of the current software industry makes me feel as if nothing is real and there is no reward for quality. It is really discouraging and makes me wonder if churning out more and more software is becoming counter-productive to the health of our civilization. Add in the recent economy, and I am beginning to see non-software-development and non-systems-administration jobs in my peripheral vision. These jobs are becoming more attractive, and it is almost to a point, where finding a job with no computer in sight is a compelling thought.

First I've heard of that. I know you can tell them that you want $3 to go to the presidential campaign fund (which incidentally I said yes to, because I don't think campaigns should be privately funded the way they are now - I know, Dubya et al can just get around it by not accepting the $3..).

I'd sure like that, but an acceptable compromise would be to move the income taxation from the federal level to the state. Let the feds beg for appropriations for a change, and let the citizens get better representat

It's called a representative democracy. If you're a citizen, then talk to your representatives. All of them have email, most of them read and respond to it.
Written letters are a quaint idea too. Do your best not to end up in the "loonies" folder.

No, no, it's just easier to assume everything Microsoft does is evil or has an evil ulterior motive. That way, you're not disappointed when it turns out to be the case. Plus, someday, we might all be pleasantly surprised when MS finally exceeds our expectations, which are, admittedly, pretty low.

please stop looking at everything microsoft does as immoral - they are a company, their purpose is to make money.

Where in the article was it stated or otherwise implied that Microsoft is acting immorally? As far as I can see, it just mentioned that Microsoft got a deal while many hope that Linux would have got it. I see no references to unfair or immoral practises, just that it's unfortunate Linux wasn't chosen.

what would be the surprise? did MS do anything illegal here? or are they doing what companies do for fun; MAKING MONEY?

The problem I see here is that Microsoft's customer is the government. Where did the government get their money? Did they work hard and earn it? Hell, no! They took it by force. If the government wants more money, do they have to work harder for it or cut expenses (like the rest of us do)? Of course not! They just haul out the guns and take it! So, no, they didn't do anything ille

They can haul out their guns and take it, but as often as not they just haul out the printing press instead.

I've got an idea. Biodegradable money. That way you can abolish taxes. Just adjust the amount of time the money will last before being eaten by bugs. (That would give a whole new meaning to "cold cash".)

As a taxpayer, am I free to NOT pay for Microsoft software? No! The government takes my money and buys Microsoft software with it. Microsoft, like so many other unprincipled companies who value money over freedom, beg like starving mongrels at the thought of taxpayer-plundered money.

please explain to me the reasons MS is immoral.

My god, where to start?

1. Microsoft developed poor-quality software that people were content to

Rather, I'm inclined to ask myself why the government is such a dedicated customer to a known criminal. Let's see, we convict Microsoft for monopolistic crimes (for the second time), and then we turn around and help solidify the monopoly ourselves.

For the cost of licensing software from Microsoft, they could be training their employees to use a more permanent solution, they could be saving taxpayers money into the future, and they could put a

Microsoft isn't about making money so much any more. They're about maintaining control. The loss of an entire city government in an anti-American and anti-Microsoft country is a defeat that will probably have ripple effects which scare the poo out of Microsoft.

Those who know what they're doing (or think they do) like open systems because they can find answers without having to call up into some queued support line just to be told it was user error or third-party software to blame, anything but the OS, which is perfect, always, no discussions (unless some 'hacker' proves them wrong and the story hits CNN...). To be blatantly biased as you already probably figured out about me: For those without a clue and no desire to get one, there's Microsoft.

Reality isn't so black and white as this, and I know plenty of MS-centric people who know what they're talking about, just as many Mac people who know their wares, many of whom more experienced than me I'm sure. But to say that Linux has zero support suggests that documentation isn't counted, which I count and count on daily. Speaking of documentation, try using MS's knowledgebase to find an article on a specific issue, then hop to google.com/linux and look up how to do something specific in Linux, then tell me which one produced a usable answer faster and easier.

As far as why more people don't use Linux, or any other OS, why not ask the hardware vendors that one. They sell the systems with Windows pre-installed to customers who have bought into the marketing over the years and are now floating through MS-land on auto-pilot. Someone interested in using Linux still for the most part has to install it themselves, something most people have no desire to do even to spite the OS they might perceive as evil (personally I don't think MS does anything any other profit-motivated entity would do given the position they're in; Everyone wants to own a monopoly in business, that's the reason we have public and consumer rights laws right?).

I hear end-users say "Gates is evil", "Microsoft is a monopoly", etc, all the time, though relearning their own computer is too much to do to put their feelings into some action. I can't blame them. If I wasn't interested in this stuff in the first place I'd probably be in the same situation.